The secret DfE agreement with the Home Office to use pupil data to find and match family records including “to further the aims of the Hostile Environment” was exposed in 2016. But monthly handovers continue. Now it seems it’s open season to give pupil data to the rest of government too.
Another secret policy has started, this time using the National Pupil Database (NPD) to match records on demand from the Department of Work and Pensions (DWP). Welfare benefit fraud detection is a legitimate government task, but is using children’s school records to do so?
What’s next? Only last year Michael Gove suggested that the parents of pupils who truant from school could have their child benefits stopped.
It will soon be compulsory for schools to send every child’s named attendance record to the DfE twice daily. Termly on nearly everything else. How will we know if pupil data is used for more by the DWP? Who knows if their family’s personal confidential records are in the haystack of 23 million+ records used to find the fraudulent needle?
The problem with secret data re-use, beyond statistics, is that there is no way to know when errors are made, or how to get it fixed if you are wrongly caught up in any operational exercise.
That’s why data protection law says, bar very narrow exceptions, people must be told where personal data goes and why, and how they can exercise their rights, including a right to object.
But when Michael Gove decided in 2013 to give away identifying pupil data to commercial companies too, “for a wider range of purposes than currently possible” to “maximise the value of this rich dataset,” he didn’t inform families or offer any opt out. So much for the importance he placed on parental choice.
The lives of our children encoded in data are not the government’s to give away. Data is controlled, not owned and that carries obligations to communicate to those in the dataset. Around 15 million people in the NPD then had already left school and that number grows each year. Who is going to tell them?
In 2018, DefendDigitalMe polled 1,004 parents via Survation after the widely-reported schools’ boycott of nationality and country of birth. More than two-thirds (69 per cent) still had no idea that the NPD existed or that their families’ personal data could be given away from it.
The 2019-20 ICO audit of the department found failings in the provision of privacy information and that, “many parents and pupils are either entirely unaware of the School Census and the inclusion of that information in the NPD or are not aware of the nuances within the data collection, such as which data is compulsory, and which is optional.”
But there’s been no meaningful change and each time the DfE comes up with a new use for our personal data, it seems they simply ignore the law on informed processing. It is likely to be made worse by the weakening of data protection law as it is being rewritten by MPs right now, even giving the DWP powers to get ‘signals’ from all our bank accounts about receiving welfare benefits.
The named data on every child in a state-funded setting is collected only for the purposes of their education as far as they know. It’s what the law says it is for which allows collection in the first place. Not for the DfE to hand over to the DWP or the Home Office, or to the Merseyside police given 2,136 pupil records in 2019, or to give away to create heat maps for estate agents (just one of the approved commercial uses).
Schools are joint data controllers. It’s time to speak out on how the personal data entrusted to teachers is used. If a school handed over their entire community’s records to a commercial business without telling families, there would be outcry over a safeguarding failure.
The misuse of chidren’s data for non-educational purposes must end, and the next government must guarantee every child an opt-out.
Your thoughts